Under data protection law, you have rights that we need to make you aware of. the rights available to you depend on our reason for processing your information.

Your right of access

You have the right to find out if we are using or storing your personal data. This is called the right of access. You exercise this right by asking for a copy of the data, which is commonly known as making a ‘subject access request’.

How to access you data

You can make a subject access request to find out what data is held and how it is used. You may make a subject access request before exercising your other information rights.

You can make a subject access request verbally or in writing. We would recommend emailing dpo@stivesholidaybookings.co.uk.

If you make your request verbally, we would recommend that you follow it up in writing to provide a clear trail of correspondence. It will also provide clear evidence of your actions.

To exercise your right of access, follow these steps

Step 1

Identify where to send your request

Think about what personal data you want to access.

Step 2

Make your request directly to us.

State clearly what you want.

You might not want all the personal data that we hold about you. We may be able to respond more quickly if you explain this and identify the specific data you want.

When making a subject access request, include the following information:

Your name and contact details.

Any information used by us to identify or distinguish you from other people with the same name (account numbers etc).

Any details or relevant dates that will help it identify what you want.

For example, you may want to ask for:

mails between ‘person A’ and ‘person B’ (say from 1 June 2018 to 1 Sept 2018

Step 3

Keep a copy of your request.

Keep any proof of postage or delivery.

Letter template

[Your full address]

[Phone number]

[The date]

[Name and address of the organisation]

Dear Sir or Madam

Subject access request

[Your full name and address and any other details to help identify you and the data you want.]

Please supply the data about me that I am entitled to under data protection law relating to: [give specific details of the data you want, for example:

[• copies of statements (between 2013 and 2017) held in accountnumber xxxxx.]

If you need any more data from me, or a fee, please let me know as soon as possible. It may be helpful for you to know that data protection law requires you to respond to a request for data within one calendar month.

If you do not normally deal with these requests, please pass this letter to your DataProtection Officer, or relevant staff member. If you need advice on dealing with this request, the Information Commissioner’s Office can assist you. Its website isico.org.uk or it can be contacted on 0303 123 1113.

Yours faithfully

[Signature]

When can we say no?

We may legally have to refuse your subject access request if your data includes information about another individual, except where:

the other individual has agreed to the disclosure, or

it is reasonable to provide you with this information without the other individual’s consent.

In deciding this, we will balance your right to access your data against the other individual’s rights regarding their own information

We can also refuse your request if it is ‘manifestly unfounded or excessive’. In any case we will tell you and justify our decision.